Microsoft has patched five critical vulnerabilities in Windows Graphics Component that reside due to improper handling of embedded fonts by the Windows font library and affects all versions of Windowsoperating systems to date, including Windows 10 / 8.1 / RT 8.1 / 7, Windows Server 2008 / 2012 / 2016. An attacker can exploit these issues by tricking an unsuspecting user to open a malicious file or a specially crafted website with the malicious font, which if open in a web browser, would hand over control of the affected system to the attacker.

All these five vulnerabilities in Windows Microsoft Graphics were discovered and responsibly disclosed by Hossein Lotfi, a security researcher at Flexera Software.
CVE-2018-1010
CVE-2018-1012
CVE-2018-1013
CVE-2018-1015
CVE-2018-1016